systemd/man/systemd.exec.xml

	systemd.exec.xml revision b4c14404b3e8753c41bac0b1d49369230a15c544
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning<!--
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  This file is part of systemd.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  Copyright 2010 Lennart Poettering
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  systemd is free software; you can redistribute it and/or modify it
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  under the terms of the GNU Lesser General Public License as published by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  the Free Software Foundation; either version 2.1 of the License, or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  (at your option) any later version.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  systemd is distributed in the hope that it will be useful, but
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  WITHOUT ANY WARRANTY; without even the implied warranty of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  Lesser General Public License for more details.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  You should have received a copy of the GNU Lesser General Public License
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  along with systemd; If not, see <http://www.gnu.org/licenses/>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning-->
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning<refentry id="systemd.exec">
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refentryinfo>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <title>systemd.exec</title>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <productname>systemd</productname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <authorgroup>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <author>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <contrib>Developer</contrib>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <firstname>Lennart</firstname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <surname>Poettering</surname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <email>lennart@poettering.net</email>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </author>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    </authorgroup>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refentryinfo>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refmeta>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <refentrytitle>systemd.exec</refentrytitle>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <manvolnum>5</manvolnum>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refmeta>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refnamediv>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <refname>systemd.exec</refname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <refpurpose>Execution environment configuration</refpurpose>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refnamediv>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refsynopsisdiv>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <para><filename><replaceable>service</replaceable>.service</filename>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <filename><replaceable>socket</replaceable>.socket</filename>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <filename><replaceable>mount</replaceable>.mount</filename>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <filename><replaceable>swap</replaceable>.swap</filename></para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refsynopsisdiv>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <title>Description</title>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <para>Unit configuration files for services, sockets, mount
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    points, and swap devices share a subset of configuration options
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    which define the execution environment of spawned
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    processes.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <para>This man page lists the configuration options shared by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    these four unit types. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    for the common options of all unit configuration files, and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    for more information on the specific unit configuration files. The
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    execution specific configuration options are configured in the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    [Service], [Socket], [Mount], or [Swap] sections, depending on the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    unit type.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <title>Options</title>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <variablelist class='unit-directives'>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>WorkingDirectory=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes an absolute directory path, or the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        special value <literal>~</literal>. Sets the working directory
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for executed processes. If set to <literal>~</literal>, the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        home directory of the user specified in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>User=</varname> is used. If not set, defaults to the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        root directory when systemd is running as a system instance
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and the respective user's home directory if run as user. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the setting is prefixed with the <literal>-</literal>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        character, a missing working directory is not considered
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        fatal.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>RootDirectory=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes an absolute directory path. Sets the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        root directory for executed processes, with the <citerefentry
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        system call. If this is used, it must be ensured that the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process binary and all its auxiliary files are available in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the <function>chroot()</function> jail.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>User=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>Group=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the Unix user or group that the processes
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        are executed as, respectively. Takes a single user or group
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        name or ID as argument. If no group is set, the default group
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        of the user is chosen.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SupplementaryGroups=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the supplementary Unix groups the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes are executed as. This takes a space-separated list
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        of group names or IDs. This option may be specified more than
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        once, in which case all listed groups are set as supplementary
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        groups. When the empty string is assigned, the list of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        supplementary groups is reset, and all assignments prior to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        this one will have no effect. In any way, this option does not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        override, but extends the list of supplementary groups
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        configured in the system group database for the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        user.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>Nice=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the default nice level (scheduling
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        priority) for executed processes. Takes an integer between -20
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (highest priority) and 19 (lowest priority). See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>setpriority</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>OOMScoreAdjust=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the adjustment level for the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Out-Of-Memory killer for executed processes. Takes an integer
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        between -1000 (to disable OOM killing for this process) and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        1000 (to make killing of this process under memory pressure
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        very likely). See <ulink
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        url="https://www.kernel.org/doc/Documentation/filesystems/proc.txt">proc.txt</ulink>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>IOSchedulingClass=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the I/O scheduling class for executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. Takes an integer between 0 and 3 or one of the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        strings <option>none</option>, <option>realtime</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>best-effort</option> or <option>idle</option>. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>IOSchedulingPriority=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the I/O scheduling priority for executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. Takes an integer between 0 (highest priority) and 7
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (lowest priority). The available priorities depend on the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        selected I/O scheduling class (see above). See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>ioprio_set</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>CPUSchedulingPolicy=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the CPU scheduling policy for executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. Takes one of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>other</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>batch</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>idle</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>fifo</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>rr</option>. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>CPUSchedulingPriority=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the CPU scheduling priority for executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. The available priority range depends on the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        selected CPU scheduling policy (see above). For real-time
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        scheduling policies an integer between 1 (lowest priority) and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        99 (highest priority) can be used. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>CPUSchedulingResetOnFork=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument. If true, elevated
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        CPU scheduling priorities and policies will be reset when the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        executed processes fork, and can hence not leak into child
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>sched_setscheduler</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Defaults to false.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>CPUAffinity=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls the CPU affinity of the executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. Takes a list of CPU indices or ranges separated by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        either whitespace or commas. CPU ranges are specified by the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        lower and upper CPU indices separated by a dash.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        This option may be specified more than once, in which case the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        specified CPU affinity masks are merged. If the empty string
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is assigned, the mask is reset, all assignments prior to this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will have no effect. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>sched_setaffinity</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>UMask=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls the file mode creation mask. Takes an
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        access mode in octal notation. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>umask</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Defaults to 0022.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>Environment=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets environment variables for executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. Takes a space-separated list of variable
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        assignments. This option may be specified more than once, in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which case all listed variables will be set. If the same
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        variable is set twice, the later setting will override the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        earlier setting. If the empty string is assigned to this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        option, the list of environment variables is reset, all prior
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        assignments have no effect. Variable expansion is not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        performed inside the strings, however, specifier expansion is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        possible. The $ character has no special meaning. If you need
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to assign a value containing spaces to a variable, use double
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        quotes (") for the assignment.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>Example:
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <programlisting>Environment="VAR1=word1 word2" VAR2=word3 "VAR3=$word 5 6"</programlisting>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        gives three variables <literal>VAR1</literal>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>VAR2</literal>, <literal>VAR3</literal>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        with the values <literal>word1 word2</literal>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>word3</literal>, <literal>$word 5 6</literal>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details about environment variables.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>EnvironmentFile=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Similar to <varname>Environment=</varname> but
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        reads the environment variables from a text file. The text
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        file should contain new-line-separated variable assignments.
de8c4a14ec9a49bad5e62b2cfa6c1ba21de1c708Erik Nordmark        Empty lines, lines without an <literal>=</literal> separator,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        or lines starting with ; or # will be ignored,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which may be used for commenting. A line ending with a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        backslash will be concatenated with the following one,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        allowing multiline variable definitions. The parser strips
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        leading and trailing whitespace from the values of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        assignments, unless you use double quotes (").</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>The argument passed should be an absolute filename or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        wildcard expression, optionally prefixed with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>-</literal>, which indicates that if the file does
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        not exist, it will not be read and no error or warning message
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is logged. This option may be specified more than once in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which case all specified files are read. If the empty string
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is assigned to this option, the list of file to read is reset,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        all prior assignments have no effect.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>The files listed with this directive will be read
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        shortly before the process is executed (more specifically,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        after all processes from a previous unit state terminated.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        This means you can generate these files in one unit state, and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        read it with this option in the next).</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>Settings from these
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        files override settings made with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>Environment=</varname>. If the same variable is set
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        twice from these files, the files will be read in the order
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        they are specified and the later setting will override the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        earlier setting.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>PassEnvironment=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Pass environment variables from the systemd system
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        manager to executed processes. Takes a space-separated list of variable
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        names. This option may be specified more than once, in which case all
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        listed variables will be set. If the empty string is assigned to this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        option, the list of environment variables is reset, all prior
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        assignments have no effect. Variables that are not set in the system
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        manager will not be passed and will be silently ignored.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>Variables passed from this setting are overridden by those passed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        from <varname>Environment=</varname> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>EnvironmentFile=</varname>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>Example:
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <programlisting>PassEnvironment=VAR1 VAR2 VAR3</programlisting>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        passes three variables <literal>VAR1</literal>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>VAR2</literal>, <literal>VAR3</literal>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        with the values set for those variables in PID1.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>environ</refentrytitle><manvolnum>7</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details about environment variables.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>StandardInput=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls where file descriptor 0 (STDIN) of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the executed processes is connected to. Takes one of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>null</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>tty</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>tty-force</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>tty-fail</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>socket</option>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>If <option>null</option> is selected, standard input
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will be connected to <filename>/dev/null</filename>, i.e. all
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        read attempts by the process will result in immediate
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        EOF.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>If <option>tty</option> is selected, standard input is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        connected to a TTY (as configured by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>TTYPath=</varname>, see below) and the executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process becomes the controlling process of the terminal. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the terminal is already being controlled by another process,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the executed process waits until the current controlling
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process releases the terminal.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>tty-force</option> is similar to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>tty</option>, but the executed process is forcefully
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and immediately made the controlling process of the terminal,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        potentially removing previous controlling processes from the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        terminal.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>tty-fail</option> is similar to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>tty</option> but if the terminal already has a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        controlling process start-up of the executed process
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        fails.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>The <option>socket</option> option is only valid in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        socket-activated services, and only when the socket
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        configuration file (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details) specifies a single socket only. If this option is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        set, standard input will be connected to the socket the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        service was activated from, which is primarily useful for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        compatibility with daemons designed for use with the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        traditional
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='freebsd'><refentrytitle>inetd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        daemon.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>This setting defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>null</option>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>StandardOutput=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls where file descriptor 1 (STDOUT) of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the executed processes is connected to. Takes one of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>inherit</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>null</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>tty</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>journal</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>kmsg</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>journal+console</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog+console</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>kmsg+console</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>socket</option>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>inherit</option> duplicates the file descriptor
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        of standard input for standard output.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>null</option> connects standard output to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/dev/null</filename>, i.e. everything written to it
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will be lost.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>tty</option> connects standard output to a tty
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (as configured via <varname>TTYPath=</varname>, see below). If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the TTY is used for output only, the executed process will not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        become the controlling process of the terminal, and will not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        fail or wait for other processes to release the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        terminal.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>journal</option> connects standard output with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the journal which is accessible via
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Note that everything that is written to syslog or kmsg (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        below) is implicitly stored in the journal as well, the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        specific two options listed below are hence supersets of this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        one.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>syslog</option> connects standard output to the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        system syslog service, in addition to the journal. Note that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the journal daemon is usually configured to forward everything
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        it receives to syslog anyway, in which case this option is no
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        different from <option>journal</option>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>kmsg</option> connects standard output with the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        kernel log buffer which is accessible via
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>dmesg</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        in addition to the journal. The journal daemon might be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        configured to send all logs to kmsg anyway, in which case this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        option is no different from <option>journal</option>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>journal+console</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog+console</option> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>kmsg+console</option> work in a similar way as the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        three options above but copy the output to the system console
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        as well.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para><option>socket</option> connects standard output to a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        socket acquired via socket activation. The semantics are
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        similar to the same option of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardInput=</varname>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>This setting defaults to the value set with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>DefaultStandardOutput=</option> in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which defaults to <option>journal</option>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>StandardError=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls where file descriptor 2 (STDERR) of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the executed processes is connected to. The available options
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        are identical to those of <varname>StandardOutput=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        with one exception: if set to <option>inherit</option> the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        file descriptor used for standard output is duplicated for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        standard error. This setting defaults to the value set with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>DefaultStandardError=</option> in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which defaults to <option>inherit</option>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>TTYPath=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the terminal device node to use if
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        standard input, output, or error are connected to a TTY (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        above). Defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/dev/console</filename>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>TTYReset=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Reset the terminal device specified with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>TTYPath=</varname> before and after execution.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Defaults to <literal>no</literal>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
de8c4a14ec9a49bad5e62b2cfa6c1ba21de1c708Erik Nordmark      <varlistentry>
de8c4a14ec9a49bad5e62b2cfa6c1ba21de1c708Erik Nordmark        <term><varname>TTYVHangup=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Disconnect all clients which have opened the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        terminal device specified with <varname>TTYPath=</varname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        before and after execution. Defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>no</literal>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>TTYVTDisallocate=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>If the terminal device specified with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>TTYPath=</varname> is a virtual console terminal, try
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to deallocate the TTY before and after execution. This ensures
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        that the screen and scrollback buffer is cleared. Defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>no</literal>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SyslogIdentifier=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the process name to prefix log lines sent
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to the logging system or the kernel log buffer with. If not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        set, defaults to the process name of the executed process.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        This option is only useful when
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardOutput=</varname> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardError=</varname> are set to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog</option>, <option>journal</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>kmsg</option> (or to the same settings in combination
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        with <option>+console</option>).</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SyslogFacility=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the syslog facility to use when logging
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to syslog. One of <option>kern</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>user</option>, <option>mail</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>daemon</option>, <option>auth</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog</option>, <option>lpr</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>news</option>, <option>uucp</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>cron</option>, <option>authpriv</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>ftp</option>, <option>local0</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>local1</option>, <option>local2</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>local3</option>, <option>local4</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>local5</option>, <option>local6</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>local7</option>. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
07d13e573541b3558ff2c74bdbb227165aa597a7anders        for details. This option is only useful when
07d13e573541b3558ff2c74bdbb227165aa597a7anders        <varname>StandardOutput=</varname> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardError=</varname> are set to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog</option>. Defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>daemon</option>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SyslogLevel=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>The default syslog level to use when logging to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        syslog or the kernel log buffer. One of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>emerg</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>alert</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>crit</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>err</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>warning</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>notice</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>info</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>debug</option>. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. This option is only useful when
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardOutput=</varname> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardError=</varname> are set to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog</option> or <option>kmsg</option>. Note that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        individual lines output by the daemon might be prefixed with a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        different log level which can be used to override the default
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        log level specified here. The interpretation of these prefixes
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        may be disabled with <varname>SyslogLevelPrefix=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        see below. For details, see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>info</option>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SyslogLevelPrefix=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument. If true and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardOutput=</varname> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardError=</varname> are set to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>syslog</option>, <option>kmsg</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>journal</option>, log lines written by the executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process that are prefixed with a log level will be passed on
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to syslog with this log level set but the prefix removed. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        set to false, the interpretation of these prefixes is disabled
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and the logged lines are passed on as-is. For details about
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        this prefixing see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Defaults to true.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>TimerSlackNSec=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the timer slack in nanoseconds for the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        executed processes. The timer slack controls the accuracy of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        wake-ups triggered by timers. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>prctl</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for more information. Note that in contrast to most other time
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        span definitions this parameter takes an integer value in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        nano-seconds if no unit is specified. The usual time units are
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        understood too.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitCPU=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitFSIZE=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitDATA=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitSTACK=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitCORE=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitRSS=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitNOFILE=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitAS=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitNPROC=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitMEMLOCK=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitLOCKS=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitSIGPENDING=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitMSGQUEUE=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitNICE=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitRTPRIO=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>LimitRTTIME=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>These settings set both soft and hard limits
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        of various resources for executed processes. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Use the string <varname>infinity</varname> to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        configure no limit on a specific resource. The multiplicative
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        may be used for resource limits measured in bytes
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (e.g. LimitAS=16G). For the limits referring to time values,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the usual time units ms, s, min, h and so on may be used (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details). Note that if no time unit is specified for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>LimitCPU=</varname> the default unit of seconds is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        implied, while for <varname>LimitRTTIME=</varname> the default
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        unit of microseconds is implied. Also, note that the effective
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        granularity of the limits might influence their
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        enforcement. For example, time limits specified for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>LimitCPU=</varname> will be rounded up implicitly to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        multiples of 1s.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>Note that most process resource limits configured with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        these options are per-process, and processes may fork in order
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to acquire a new set of resources that are accounted
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        independently of the original process, and may thus escape
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        limits set. Also note that <varname>LimitRSS=</varname> is not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        implemented on Linux, and setting it has no effect. Often it
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is advisable to prefer the resource controls listed in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        over these per-process limits, as they apply to services as a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        whole, may be altered dynamically at runtime, and are
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        generally more expressive. For example,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>MemoryLimit=</varname> is a more powerful (and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        working) replacement for <varname>LimitRSS=</varname>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <table>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning          <title>Limit directives and their equivalent with ulimit</title>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning          <tgroup cols='3'>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            <colspec colname='directive' />
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            <colspec colname='equivalent' />
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            <colspec colname='unit' />
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            <thead>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Directive</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit equivalent</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Unit</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            </thead>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            <tbody>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitCPU=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -t</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Seconds</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitFSIZE=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -f</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitDATA=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -d</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitSTACK=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -s</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitCORE=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -c</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitRSS=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -m</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitNOFILE=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -n</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Number of File Descriptors</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitAS=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -v</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitNPROC=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -u</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Number of Processes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning                <entry>LimitMEMLOCK=</entry>
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning                <entry>ulimit -l</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitLOCKS=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -x</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Number of Locks</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitSIGPENDING=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -i</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Number of Queued Signals</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitMSGQUEUE=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -q</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Bytes</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitNICE=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -e</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Nice Level</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitRTPRIO=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>ulimit -r</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Realtime Priority</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              <row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>LimitRTTIME=</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>No equivalent</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning                <entry>Microseconds</entry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning              </row>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning            </tbody>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning          </tgroup>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </table></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>PAMName=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Sets the PAM service name to set up a session
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        as. If set, the executed process will be registered as a PAM
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        session under the specified service name. This is only useful
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        in conjunction with the <varname>User=</varname> setting. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        not set, no PAM session will be opened for the executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>CapabilityBoundingSet=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls which capabilities to include in the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        capability bounding set for the executed process. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Takes a whitespace-separated list of capability
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        names as read by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='mankier'><refentrytitle>cap_from_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        e.g. <constant>CAP_SYS_ADMIN</constant>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>CAP_DAC_OVERRIDE</constant>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>CAP_SYS_PTRACE</constant>. Capabilities listed will
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        be included in the bounding set, all others are removed. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the list of capabilities is prefixed with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>~</literal>, all but the listed capabilities will be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        included, the effect of the assignment inverted. Note that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        this option also affects the respective capabilities in the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        effective, permitted and inheritable capability sets, on top
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        of what <varname>Capabilities=</varname> does. If this option
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is not used, the capability bounding set is not modified on
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process execution, hence no limits on the capabilities of the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process are enforced. This option may appear more than once, in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which case the bounding sets are merged. If the empty string
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is assigned to this option, the bounding set is reset to the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        empty capability set, and all prior settings have no effect.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        If set to <literal>~</literal> (without any further argument),
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the bounding set is reset to the full set of available
3986c91e1475e8a41e75969310e5abe7fb516983anders        capabilities, also undoing any previous
3986c91e1475e8a41e75969310e5abe7fb516983anders        settings.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SecureBits=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls the secure bits set for the executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process. Takes a space-separated combination of options from
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the following list:
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>keep-caps</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>keep-caps-locked</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>no-setuid-fixup</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>no-setuid-fixup-locked</option>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>noroot</option>, and
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <option>noroot-locked</option>.
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        This option may appear more than once, in which case the secure
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        bits are ORed. If the empty string is assigned to this option,
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        the bits are reset to 0. See
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian        for details.</para></listitem>
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian      </varlistentry>
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian      <varlistentry>
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian        <term><varname>Capabilities=</varname></term>
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <listitem><para>Controls the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
e5083e819e9d0322245ac20a9e8d367b88b4064fshenjian        set for the executed process. Take a capability string
e5083e819e9d0322245ac20a9e8d367b88b4064fshenjian        describing the effective, permitted and inherited capability
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        sets as documented in
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        <citerefentry project='mankier'><refentrytitle>cap_from_text</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        Note that these capability sets are usually influenced (and
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        filtered) by the capabilities attached to the executed file.
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        Due to that <varname>CapabilityBoundingSet=</varname> is
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        probably a much more useful setting.</para></listitem>
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian      </varlistentry>
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian      <varlistentry>
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        <term><varname>ReadWriteDirectories=</varname></term>
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        <term><varname>ReadOnlyDirectories=</varname></term>
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        <term><varname>InaccessibleDirectories=</varname></term>
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <listitem><para>Sets up a new file system namespace for
3986c91e1475e8a41e75969310e5abe7fb516983anders        executed processes. These options may be used to limit access
3986c91e1475e8a41e75969310e5abe7fb516983anders        a process might have to the main file system hierarchy. Each
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        setting takes a space-separated list of absolute directory
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        paths. Directories listed in
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <varname>ReadWriteDirectories=</varname> are accessible from
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        within the namespace with the same access rights as from
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        outside. Directories listed in
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <varname>ReadOnlyDirectories=</varname> are accessible for
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        reading only, writing will be refused even if the usual file
34dfe6834cf56b6816de4f0528362e98e322c5a1shenjian        access controls would permit this. Directories listed in
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <varname>InaccessibleDirectories=</varname> will be made
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        inaccessible for processes inside the namespace. Note that
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        restricting access with these options does not extend to
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        submounts of a directory that are created later on. These
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        options may be specified more than once, in which case all
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        directories listed will have limited access from within the
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        namespace. If the empty string is assigned to this option, the
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        specific list is reset, and all prior assignments have no
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        effect.</para>
a5adac4d8d51bc60d7d7f5763966ce1290dc1277Yu Xiangning        <para>Paths in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>ReadOnlyDirectories=</varname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>InaccessibleDirectories=</varname>
3986c91e1475e8a41e75969310e5abe7fb516983anders        may be prefixed with
22238f73378cc4cb6fd470f00810959bdd55aff6shenjian        <literal>-</literal>, in which case
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        they will be ignored when they do not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        exist. Note that using this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        setting will disconnect propagation of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        mounts from the service to the host
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (propagation in the opposite direction
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        continues to work). This means that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        this setting may not be used for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        services which shall be able to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        install mount points in the main mount
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        namespace.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>PrivateTmp=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument. If true, sets up a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        new file system namespace for the executed processes and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        mounts private <filename>/tmp</filename> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/var/tmp</filename> directories inside it that is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        not shared by processes outside of the namespace. This is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        useful to secure access to temporary files of the process, but
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        makes sharing between processes via <filename>/tmp</filename>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        or <filename>/var/tmp</filename> impossible. If this is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        enabled, all temporary files created by a service in these
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        directories will be removed after the service is stopped.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Defaults to false. It is possible to run two or more units
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        within the same private <filename>/tmp</filename> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/var/tmp</filename> namespace by using the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>JoinsNamespaceOf=</varname> directive, see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Note that using this setting will disconnect
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        propagation of mounts from the service to the host
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (propagation in the opposite direction continues to work).
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        This means that this setting may not be used for services
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        which shall be able to install mount points in the main mount
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        namespace.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>PrivateDevices=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument. If true, sets up a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        new /dev namespace for the executed processes and only adds
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        API pseudo devices such as <filename>/dev/null</filename>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/dev/zero</filename> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/dev/random</filename> (as well as the pseudo TTY
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        subsystem) to it, but no physical devices such as
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        <filename>/dev/sda</filename>. This is useful to securely turn
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        off physical device access by the executed process. Defaults
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        to false. Enabling this option will also remove
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>CAP_MKNOD</constant> from the capability bounding
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        set for the unit (see above), and set
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>DevicePolicy=closed</varname> (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details). Note that using this setting will disconnect
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        propagation of mounts from the service to the host
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (propagation in the opposite direction continues to work).
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        This means that this setting may not be used for services
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        which shall be able to install mount points in the main mount
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        namespace.</para></listitem>
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib      </varlistentry>
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib      <varlistentry>
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        <term><varname>PrivateNetwork=</varname></term>
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        <listitem><para>Takes a boolean argument. If true, sets up a
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        new network namespace for the executed processes and
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        configures only the loopback network device
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        <literal>lo</literal> inside it. No other network devices will
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        be available to the executed process. This is useful to
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        securely turn off network access by the executed process.
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        Defaults to false. It is possible to run two or more units
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        within the same private network namespace by using the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>JoinsNamespaceOf=</varname> directive, see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Note that this option will disconnect all socket
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        families from the host, this includes AF_NETLINK and AF_UNIX.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        The latter has the effect that AF_UNIX sockets in the abstract
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        socket namespace will become unavailable to the processes
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (however, those located in the file system will continue to be
f0267584ae28753b6da2c2ca09285102868a3f4aanders        accessible).</para></listitem>
f0267584ae28753b6da2c2ca09285102868a3f4aanders      </varlistentry>
f0267584ae28753b6da2c2ca09285102868a3f4aanders
f0267584ae28753b6da2c2ca09285102868a3f4aanders      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>ProtectSystem=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>full</literal>. If true, mounts the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/usr</filename> and <filename>/boot</filename>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        directories read-only for processes invoked by this unit. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        set to <literal>full</literal>, the <filename>/etc</filename>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        directory is mounted read-only, too. This setting ensures that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        any modification of the vendor-supplied operating system (and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        optionally its configuration) is prohibited for the service.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        It is recommended to enable this setting for all long-running
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        services, unless they are involved with system updates or need
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        to modify the operating system in other ways. Note however
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        that processes retaining the CAP_SYS_ADMIN capability can undo
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the effect of this setting. This setting is hence particularly
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        useful for daemons which have this capability removed, for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        example with <varname>CapabilityBoundingSet=</varname>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Defaults to off.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib      <varlistentry>
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib        <term><varname>ProtectHome=</varname></term>
af89d820d181e8b4eada2d1e9b042d910b0951e5Rao Shoaib
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <literal>read-only</literal>. If true, the directories
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/home</filename>, <filename>/root</filename> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/run/user</filename>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        are made inaccessible and empty for processes invoked by this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        unit. If set to <literal>read-only</literal>, the three
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        directories are made read-only instead. It is recommended to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        enable this setting for all long-running services (in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        particular network-facing ones), to ensure they cannot get
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        access to private user data, unless the services actually
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        require access to the user's private data. Note however that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        processes retaining the CAP_SYS_ADMIN capability can undo the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        effect of this setting. This setting is hence particularly
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        useful for daemons which have this capability removed, for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        example with <varname>CapabilityBoundingSet=</varname>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Defaults to off.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>MountFlags=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a mount propagation flag:
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>shared</option>, <option>slave</option> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>private</option>, which control whether mounts in the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        file system namespace set up for this unit's processes will
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        receive or propagate mounts or unmounts. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>mount</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details. Defaults to <option>shared</option>. Use
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>shared</option> to ensure that mounts and unmounts are
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        propagated from the host to the container and vice versa. Use
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>slave</option> to run processes so that none of their
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        mounts and unmounts will propagate to the host. Use
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>private</option> to also ensure that no mounts and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        unmounts from the host will propagate into the unit processes'
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        namespace. Note that <option>slave</option> means that file
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        systems mounted on the host might stay mounted continuously in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the unit's namespace, and thus keep the device busy. Note that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the file system namespace related options
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (<varname>PrivateTmp=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>PrivateDevices=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>ProtectSystem=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>ProtectHome=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>ReadOnlyDirectories=</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>InaccessibleDirectories=</varname> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>ReadWriteDirectories=</varname>) require that mount
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and unmount propagation from the unit's file system namespace
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is disabled, and hence downgrade <option>shared</option> to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <option>slave</option>. </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>UtmpIdentifier=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a four character identifier string for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        an <citerefentry
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        project='man-pages'><refentrytitle>utmp</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and wtmp entry for this service. This should only be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        set for services such as <command>getty</command>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        implementations (such as <citerefentry
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        project='die-net'><refentrytitle>agetty</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        where utmp/wtmp entries must be created and cleared before and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        after execution, or for services that shall be executed as if
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        they were run by a <command>getty</command> process (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        below). If the configured string is longer than four
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        characters, it is truncated and the terminal four characters
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        are used. This setting interprets %I style string
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        replacements. This setting is unset by default, i.e. no
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        utmp/wtmp entries are created or cleaned up for this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        service.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <term><varname>UtmpMode=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <listitem><para>Takes one of <literal>init</literal>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <literal>login</literal> or <literal>user</literal>. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <varname>UtmpIdentifier=</varname> is set, controls which
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         type of <citerefentry
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         project='man-pages'><refentrytitle>utmp</refentrytitle><manvolnum>5</manvolnum></citerefentry>/wtmp
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         entries for this service are generated. This setting has no
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         effect unless <varname>UtmpIdentifier=</varname> is set
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         too. If <literal>init</literal> is set, only an
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <constant>INIT_PROCESS</constant> entry is generated and the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         invoked process must implement a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <command>getty</command>-compatible utmp/wtmp logic. If
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <literal>login</literal> is set, first an
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <constant>INIT_PROCESS</constant> entry, followed by a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <constant>LOGIN_PROCESS</constant> entry is generated. In
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         this case, the invoked process must implement a <citerefentry
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         project='die-net'><refentrytitle>login</refentrytitle><manvolnum>1</manvolnum></citerefentry>-compatible
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         utmp/wtmp logic. If <literal>user</literal> is set, first an
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <constant>INIT_PROCESS</constant> entry, then a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <constant>LOGIN_PROCESS</constant> entry and finally a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <constant>USER_PROCESS</constant> entry is generated. In this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         case, the invoked process may be any process that is suitable
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         to be run as session leader. Defaults to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning         <literal>init</literal>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SELinuxContext=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Set the SELinux security context of the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        executed process. If set, this will override the automated
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        domain transition. However, the policy still needs to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        authorize the transition. This directive is ignored if SELinux
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is disabled. If prefixed by <literal>-</literal>, all errors
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will be ignored. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='die-net'><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for details.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>AppArmorProfile=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a profile name as argument. The process
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        executed by the unit will switch to this profile when started.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Profiles must already be loaded in the kernel, or the unit
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will fail. This result in a non operation if AppArmor is not
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        enabled. If prefixed by <literal>-</literal>, all errors will
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        be ignored. </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SmackProcessLabel=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a <option>SMACK64</option> security
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        label as argument. The process executed by the unit will be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        started under this label and SMACK will decide whether the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process is allowed to run or not, based on it. The process
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will continue to run under the label specified here unless the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        executable has its own <option>SMACK64EXEC</option> label, in
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        which case the process will transition to run under that
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        label. When not specified, the label that systemd is running
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        under is used. This directive is ignored if SMACK is
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        disabled.</para>
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        <para>The value may be prefixed by <literal>-</literal>, in
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        which case all errors will be ignored. An empty value may be
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson        specified to unset previous assignments.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </listitem>
d68ef20e3fe871e73146fc684d29d335521dcd99Anders Persson      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>IgnoreSIGPIPE=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument. If true, causes
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>SIGPIPE</constant> to be ignored in the executed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        process. Defaults to true because <constant>SIGPIPE</constant>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        generally is useful only in shell pipelines.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>NoNewPrivileges=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a boolean argument. If true, ensures
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        that the service process and all its children can never gain
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        new privileges. This option is more powerful than the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        respective secure bits flags (see above), as it also prohibits
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        UID changes of any kind. This is the simplest, most effective
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        way to ensure that a process and its children can never
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        elevate privileges again.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SystemCallFilter=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a space-separated list of system call
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        names. If this setting is used, all system calls executed by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the unit processes except for the listed ones will result in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        immediate process termination with the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>SIGSYS</constant> signal (whitelisting). If the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        first character of the list is <literal>~</literal>, the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        effect is inverted: only the listed system calls will result
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        in immediate process termination (blacklisting). If running in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        user mode and this option is used,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>NoNewPrivileges=yes</varname> is implied. This
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        feature makes use of the Secure Computing Mode 2 interfaces of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the kernel ('seccomp filtering') and is useful for enforcing a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        minimal sandboxing environment. Note that the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>execve</function>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>rt_sigreturn</function>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>sigreturn</function>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>exit_group</function>, <function>exit</function>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        system calls are implicitly whitelisted and do not need to be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        listed explicitly. This option may be specified more than once,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        in which case the filter masks are merged. If the empty string
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is assigned, the filter is reset, all prior assignments will
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        have no effect.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>If you specify both types of this option (i.e.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        whitelisting and blacklisting), the first encountered will
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        take precedence and will dictate the default action
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        (termination or approval of a system call). Then the next
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        occurrences of this option will add or delete the listed
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        system calls from the set of the filtered system calls,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        depending of its type and the default action. (For example, if
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        you have started with a whitelisting of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>read</function> and <function>write</function>, and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        right after it add a blacklisting of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>write</function>, then <function>write</function>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        will be removed from the set.) </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SystemCallErrorNumber=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes an <literal>errno</literal> error number
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        name to return when the system call filter configured with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>SystemCallFilter=</varname> is triggered, instead of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        terminating the process immediately. Takes an error name such
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        as <constant>EPERM</constant>, <constant>EACCES</constant> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>EUCLEAN</constant>. When this setting is not used,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        or when the empty string is assigned, the process will be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        terminated immediately when the filter is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        triggered.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>SystemCallArchitectures=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a space-separated list of architecture
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        identifiers to include in the system call filter. The known
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        architecture identifiers are <constant>x86</constant>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>x86-64</constant>, <constant>x32</constant>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>arm</constant> as well as the special identifier
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>native</constant>. Only system calls of the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        specified architectures will be permitted to processes of this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        unit. This is an effective way to disable compatibility with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        non-native architectures for processes, for example to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        prohibit execution of 32-bit x86 binaries on 64-bit x86-64
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        systems. The special <constant>native</constant> identifier
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        implicitly maps to the native architecture of the system (or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        more strictly: to the architecture the system manager is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        compiled for). If running in user mode and this option is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        used, <varname>NoNewPrivileges=yes</varname> is implied. Note
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        that setting this option to a non-empty list implies that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>native</constant> is included too. By default, this
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        option is set to the empty list, i.e. no architecture system
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        call filtering is applied.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>RestrictAddressFamilies=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Restricts the set of socket address families
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        accessible to the processes of this unit. Takes a
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        space-separated list of address family names to whitelist,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        such as
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>AF_UNIX</constant>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>AF_INET</constant> or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>AF_INET6</constant>. When
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        prefixed with <constant>~</constant> the listed address
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        families will be applied as blacklist, otherwise as whitelist.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        Note that this restricts access to the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        system call only. Sockets passed into the process by other
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        means (for example, by using socket activation with socket
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        units, see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        are unaffected. Also, sockets created with
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <function>socketpair()</function> (which creates connected
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        AF_UNIX sockets only) are unaffected. Note that this option
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        has no effect on 32-bit x86 and is ignored (but works
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        correctly on x86-64). If running in user mode and this option
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is used, <varname>NoNewPrivileges=yes</varname> is implied. By
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        default, no restriction applies, all address families are
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        accessible to processes. If assigned the empty string, any
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        previous list changes are undone.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <para>Use this option to limit exposure of processes to remote
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        systems, in particular via exotic network protocols. Note that
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        in most cases, the local <constant>AF_UNIX</constant> address
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        family should be included in the configured whitelist as it is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        frequently used for local communication, including for
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        logging.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>Personality=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Controls which kernel architecture
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>uname</refentrytitle><manvolnum>2</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        shall report, when invoked by unit processes. Takes one of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <constant>x86</constant> and <constant>x86-64</constant>. This
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        is useful when running 32-bit services on a 64-bit host
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        system. If not specified, the personality is left unmodified
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and thus reflects the personality of the host system's
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        kernel.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>RuntimeDirectory=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>RuntimeDirectoryMode=</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Takes a list of directory names. If set, one
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        or more directories by the specified names will be created
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        below <filename>/run</filename> (for system services) or below
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>$XDG_RUNTIME_DIR</varname> (for user services) when
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the unit is started, and removed when the unit is stopped. The
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        directories will have the access mode specified in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>RuntimeDirectoryMode=</varname>, and will be owned by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        the user and group specified in <varname>User=</varname> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>Group=</varname>. Use this to manage one or more
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        runtime directories of the unit and bind their lifetime to the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        daemon runtime. The specified directory names must be
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        relative, and may not include a <literal>/</literal>, i.e.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        must refer to simple directories to create or remove. This is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        particularly useful for unprivileged daemons that cannot
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        create runtime directories in <filename>/run</filename> due to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        lack of privileges, and to make sure the runtime directory is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        cleaned up automatically after use. For runtime directories
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        that require more complex or different configuration or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        lifetime guarantees, please consider using
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    </variablelist>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <title>Environment variables in spawned processes</title>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <para>Processes started by the system are executed in a clean
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    environment in which select variables listed below are set. System
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    processes started by systemd do not inherit variables from PID 1,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    but processes started by user systemd instances inherit all
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    environment variables from the user systemd instance.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    </para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <variablelist class='environment-variables'>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$PATH</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Colon-separated list of directories to use
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        when launching executables. Systemd uses a fixed value of
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename>:<filename>/sbin</filename>:<filename>/bin</filename>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$LANG</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Locale. Can be set in
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>locale.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        or on the kernel command line (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>).
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$USER</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$LOGNAME</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$HOME</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$SHELL</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>User name (twice), home directory, and the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        login shell. The variables are set for the units that have
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>User=</varname> set, which includes user
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <command>systemd</command> instances. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='die-net'><refentrytitle>passwd</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$XDG_RUNTIME_DIR</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>The directory for volatile state. Set for the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        user <command>systemd</command> instance, and also in user
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        sessions. See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$XDG_SESSION_ID</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$XDG_SEAT</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$XDG_VTNR</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>The identifier of the session, the seat name,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        and virtual terminal of the session. Set by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>pam_systemd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        for login sessions. <varname>$XDG_SEAT</varname> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>$XDG_VTNR</varname> will only be set when attached to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        a seat and a tty.</para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$MAINPID</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>The PID of the units main process if it is
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        known. This is only set for control processes as invoked by
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>ExecReload=</varname> and similar. </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$MANAGERPID</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>The PID of the user <command>systemd</command>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        instance, set for processes spawned by it. </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$LISTEN_FDS</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$LISTEN_PID</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
d36be52ed67a633ea5724b688769f5c0e7e4c203Rao Shoaib        <listitem><para>Information about file descriptors passed to a
d36be52ed67a633ea5724b688769f5c0e7e4c203Rao Shoaib        service for socket activation. See
d36be52ed67a633ea5724b688769f5c0e7e4c203Rao Shoaib        <citerefentry><refentrytitle>sd_listen_fds</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <term><varname>$TERM</varname></term>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <listitem><para>Terminal type, set only for units connected to
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        a terminal (<varname>StandardInput=tty</varname>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardOutput=tty</varname>, or
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <varname>StandardError=tty</varname>). See
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>termcap</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        </para></listitem>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </varlistentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    </variablelist>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <para>Additional variables may be configured by the following
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    means: for processes spawned in specific units, use the
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <varname>Environment=</varname> and
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <varname>EnvironmentFile=</varname> options above; to specify
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    variables globally, use <varname>DefaultEnvironment=</varname>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    or the kernel option <varname>systemd.setenv=</varname> (see
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>).
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    Additional variables may also be set through PAM,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning    cf. <citerefentry project='man-pages'><refentrytitle>pam_env</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  <refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <title>See Also</title>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      <para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.socket</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.swap</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.mount</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.kill</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning        <citerefentry project='man-pages'><refentrytitle>exec</refentrytitle><manvolnum>3</manvolnum></citerefentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning      </para>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning  </refsect1>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning</refentry>
0f1702c5201310f0529cd5abb77652e5e9b241b6Yu Xiangning